dridex | b2cb49e4e63b41c50e7f2f69c3cf4fea77d81507361363542f66d942e279f6b5 | Triage

Sharing

General

Target

b2cb49e4e63b41c50e7f2f69c3cf4fea77d81507361363542f66d942e279f6b5
Size

354KB
Sample

220205-nagk9aagc4
MD5

bc7a9f509c9ae86dc0361845eaedf6b7
SHA1

f1d0279c7bb14e4489caecb6f97ee615958cc3b4
SHA256

b2cb49e4e63b41c50e7f2f69c3cf4fea77d81507361363542f66d942e279f6b5
SHA512

e942a1304aaeaede73e3bfbc3f60e64e4f9020109f6afa0f553b3778b26d01ed980757aa23a62961d095969ce1ff4bc98b0a8a31f4773984bad3212b57f4f948

Score

10^/10

dridex 10555 botnet

Malware Config

Extracted

Family

dridex

Botnet

10555

C2

79.137.83.50:443

173.212.212.173:3074

80.86.81.31:3389

85.25.185.155:691

rc4.plain

rc4.plain

Targets

- Target
  
  Document#974529430157.vbs
- Size
  
  987KB
- MD5
  
  d3e868f6112ee5c6a414b6f3087a5276
- SHA1
  
  2cc732a9b0620c15bebf1bbfe4b9dc8c0a22f8c9
- SHA256
  
  72baaecfb7c235e5ecd08aa1d8d8e210edc452f230ece050e1e02badbafadf67
- SHA512
  
  5542f7f4da1aa4684b1fef8407f81a07d20fa662ed2f94ccb9196cf77c78e7f89e4c9994c6d2b7b52c9c1aefdb608becc56b813ac49a7dc6ee41b7a5295cdf8d
Score

10^/10

dridex 10555 botnet
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex10555botnet

behavioral2